save development progress

docs/24_OFFLINE_KIT.md

@@ -443,7 +443,119 @@ stella scan export-bundle --scan <scan-id> --output /offline/reachability/<scan-
 ```
 
 ---
-## 3 · Delta patch workflow
+## 2.3 · Provcache Air-Gap Integration
+
+The Provenance Cache (Provcache) supports air-gapped environments through minimal proof bundles with lazy evidence fetching.
+
+### Proof Bundle Density Levels
+
+| Density | Contents | Typical Size | Air-Gap Usage |
+|---------|----------|--------------|---------------|
+| **Lite** | DecisionDigest + ProofRoot + Manifest | ~2 KB | Requires lazy fetch for evidence |
+| **Standard** | + First ~10% of evidence chunks | ~200 KB | Partial evidence, lazy fetch remaining |
+| **Strict** | + All evidence chunks | Variable | Full compliance, no network needed |
+
+### Export Workflow
+
+```bash
+# Export lite bundle for minimal transfer size
+stella prov export --verikey sha256:<key> --density lite --output proof-lite.json
+
+# Export standard bundle (balanced)
+stella prov export --verikey sha256:<key> --density standard --output proof-std.json
+
+# Export strict bundle with full evidence + signature
+stella prov export --verikey sha256:<key> --density strict --sign --output proof-full.json
+```
+
+### Evidence Chunk Export for Sneakernet
+
+For fully air-gapped environments using lite/standard bundles:
+
+```bash
+# Export all evidence chunks to directory for transport
+stella prov export-chunks --proof-root sha256:<root> --output /mnt/usb/evidence/
+
+# Output structure:
+/mnt/usb/evidence/
+  ├── sha256-<proof_root>/
+  │   ├── manifest.json
+  │   ├── 00000000.chunk
+  │   ├── 00000001.chunk
+  │   └── ...
+```
+
+### Import Workflow on Air-Gapped Host
+
+```bash
+# Import with lazy fetch from file directory (sneakernet)
+stella prov import proof-lite.json --lazy-fetch --chunks-dir /mnt/usb/evidence/
+
+# Import with lazy fetch from local server (isolated network)
+stella prov import proof-lite.json --lazy-fetch --backend http://provcache-server:8080
+
+# Import strict bundle (no network needed)
+stella prov import proof-full.json --verify
+```
+
+### Programmatic Lazy Fetch
+
+```csharp
+// File-based fetcher for air-gapped environments
+var fileFetcher = new FileChunkFetcher(
+    basePath: "/mnt/usb/evidence",
+    logger);
+
+var orchestrator = new LazyFetchOrchestrator(repository, logger);
+
+// Fetch and verify all missing chunks
+var result = await orchestrator.FetchAndStoreAsync(
+    proofRoot: "sha256:...",
+    fileFetcher,
+    new LazyFetchOptions
+    {
+        VerifyOnFetch = true,
+        BatchSize = 100
+    });
+
+if (result.Success)
+    Console.WriteLine($"Fetched {result.ChunksStored} chunks");
+```
+
+### Bundle Format (v1)
+
+```json
+{
+    "version": "v1",
+    "exportedAt": "2025-01-15T10:30:00Z",
+    "density": "standard",
+    "digest": {
+        "veriKey": "sha256:...",
+        "verdictHash": "sha256:...",
+        "proofRoot": "sha256:...",
+        "trustScore": 85
+    },
+    "manifest": {
+        "proofRoot": "sha256:...",
+        "totalChunks": 42,
+        "totalSize": 2752512,
+        "chunks": [...]
+    },
+    "chunks": [...],
+    "signature": {
+        "algorithm": "ECDSA-P256",
+        "signature": "base64...",
+        "signedAt": "2025-01-15T10:30:01Z"
+    }
+}
+```
+
+### Related Documentation
+
+- [Provcache Architecture](modules/provcache/architecture.md) — Detailed architecture and API reference
+- [Provcache README](modules/provcache/README.md) — Configuration and usage guide
+
+---## 3 · Delta patch workflow
 
 1. **Connected site** fetches `stella-ouk-YYYY‑MM‑DD.delta.tgz`.
 2. Transfer via any medium (USB, portable disk).